SlideShare ist ein Scribd-Unternehmen logo

SIEM and Threat Hunting

‱
‱
n|u - The Open Security Community
n|u - The Open Security Community

n|u Hyderabad Meet (Firetalks) - May 2018

Bildung
1 von 14
Downloaden Sie, um offline zu lesen
SIEM and Threat HuntingMay 19, 2018 1 @ervikey @nullhyd
Agenda  Introduction to SOC and SIEM  SOC – What, Why and How  SIEM - Tools and terminology  Threat Hunting  CyberKill Chain  APT - Advanced persistent threats  IoC -Indicators Of Compromise  IoA - indicators of attack  TTP - Tactics, Techniques and Procedures 2
SOC  A security operations center (SOC) is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. 3 SOC protect report identify investigate
Compliance Requirement 4  PCI DSS  HIPPA  FISMA  etc.. etc..
SIEM AccelOps SIEM,Alert Logic,AlienVault,Blue Lance,Centrify,CorreLog,Dell Intrust,Dell SecureWorks,eIQ,ELK Stack,EventGnosis,EventTracker,GFI EventsManager,HP ArcSight,IBM QRadar,Immune Security,Juniper STRM,Logalyze,LogLogic,LogPoint,LogRhythm,Logsign,Manag eEngine,McAfee ESM,NetIQ,Netwrix,RSA enVision,RSA Security Analytics,SenSage,SolarWinds,Splunk,SumoLogic 5
Incident Response 6 Identify Detect Contain Eradicate Recover
Threat Hunting 7 Investigate via Tools and Techniques Uncover New TTPs Automated analytics Create Hypotheses
CyberKill - Chain 8 Objectives Command &Control Lateral Movement ExploitationDeliveryWeaponRecon
IOC  virus signatures  IP addresses  URLs or domains  hash values  registry keys  filenames,  HTTP user agents Open Source Threat Intel :-  OTX,OpenIOC,STIX,cybox 9
IOA ïŹ Series of actions that an adversary must conduct in order to succeed. ïŹ All actions done by the attacker in order to prepare his attacks. ïŹ All the “signs” left by the attacker in earlier stages of the attack. Indicators of Attack
IoC vs. IoA  IoC’s are reactive indicators while IoA’s are proactive indicators  IoC’s can be used after a point in time, while IoA’s are used in real time  IoC’s are known, universal bad news, while IoA’s only become bad based on what they mean to you and the situation 11
Tactics, Techniques and Procedures (ATT&CK framework) 12
13
Thank You ! 14

Empfohlen

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 

Empfohlen

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘ
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘSecurity operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘ
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘReZa AdineH
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptxAjit Wadhawan
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhydn|u - The Open Security Community
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘ
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘSecurity operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘ
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘReZa AdineH
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptxAjit Wadhawan
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 

Was ist angesagt? (20)

Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence Workshop
 
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘ
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘSecurity operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘ
Security operations center-SOC Presentation-Ù…Ű±Ú©ŰČ ŰčÙ…Ù„ÛŒŰ§ŰȘ Ű§Ù…Ù†ÛŒŰȘ
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to Insight
 

Ähnlich wie SIEM and Threat Hunting

Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
The Ultimate Security Operations Center Career Guide
The Ultimate Security Operations Center Career GuideThe Ultimate Security Operations Center Career Guide
The Ultimate Security Operations Center Career Guidepriyanshamadhwal2
 
Best SOC Career Guide InfosecTrain .pdf
Best SOC Career Guide InfosecTrain .pdfBest SOC Career Guide InfosecTrain .pdf
Best SOC Career Guide InfosecTrain .pdfinfosec train
 
đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!
đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!
đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!Infosec train
 
Unlock Your Ultimate SOC Career Guide - Infosectrain
Unlock Your Ultimate SOC Career Guide - InfosectrainUnlock Your Ultimate SOC Career Guide - Infosectrain
Unlock Your Ultimate SOC Career Guide - InfosectraininfosecTrain
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdfUnlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdfInfosecTrain Education
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...infosecTrain
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber worldAkash Sarode
 
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...Cristian Garcia G.
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
 
Security Information and Event Management
Security Information and Event ManagementSecurity Information and Event Management
Security Information and Event ManagementAnushka Deshapriya
 
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
Prezentare_ANSSI.pptx gfdsry crsru drdrsyPrezentare_ANSSI.pptx gfdsry crsru drdrsy
Prezentare_ANSSI.pptx gfdsry crsru drdrsyAzim191210
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defenceOWASP EEE
 
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptxLIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptxSonuSingh81247
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation♟Sergej Epp
 

Ähnlich wie SIEM and Threat Hunting (20)

Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat hunting
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
The Ultimate Security Operations Center Career Guide
The Ultimate Security Operations Center Career GuideThe Ultimate Security Operations Center Career Guide
The Ultimate Security Operations Center Career Guide
 
Best SOC Career Guide InfosecTrain .pdf
Best SOC Career Guide InfosecTrain .pdfBest SOC Career Guide InfosecTrain .pdf
Best SOC Career Guide InfosecTrain .pdf
 
đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!
đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!
đ”đ„đ­đąđŠđšđ­đž 𝐒𝐎𝐂 đ‚đšđ«đžđžđ« 𝐆𝐼𝐱𝐝𝐞!
 
Unlock Your Ultimate SOC Career Guide - Infosectrain
Unlock Your Ultimate SOC Career Guide - InfosectrainUnlock Your Ultimate SOC Career Guide - Infosectrain
Unlock Your Ultimate SOC Career Guide - Infosectrain
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdfUnlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf
 
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER GUIDE FOR BE...
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
 
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
 
Security Information and Event Management
Security Information and Event ManagementSecurity Information and Event Management
Security Information and Event Management
 
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
Prezentare_ANSSI.pptx gfdsry crsru drdrsyPrezentare_ANSSI.pptx gfdsry crsru drdrsy
Prezentare_ANSSI.pptx gfdsry crsru drdrsy
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
 
Ijetr042329
Ijetr042329Ijetr042329
Ijetr042329
 
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptxLIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation
 

Mehr von n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

KĂŒrzlich hochgeladen

Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxPoojaSen20
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...SeĂĄn Kennedy
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 

KĂŒrzlich hochgeladen (20)

Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 

SIEM and Threat Hunting

  • 1. SIEM and Threat HuntingMay 19, 2018 1 @ervikey @nullhyd
  • 2. Agenda  Introduction to SOC and SIEM  SOC – What, Why and How  SIEM - Tools and terminology  Threat Hunting  CyberKill Chain  APT - Advanced persistent threats  IoC -Indicators Of Compromise  IoA - indicators of attack  TTP - Tactics, Techniques and Procedures 2
  • 3. SOC  A security operations center (SOC) is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. 3 SOC protect report identify investigate
  • 4. Compliance Requirement 4  PCI DSS  HIPPA  FISMA  etc.. etc..
  • 5. SIEM AccelOps SIEM,Alert Logic,AlienVault,Blue Lance,Centrify,CorreLog,Dell Intrust,Dell SecureWorks,eIQ,ELK Stack,EventGnosis,EventTracker,GFI EventsManager,HP ArcSight,IBM QRadar,Immune Security,Juniper STRM,Logalyze,LogLogic,LogPoint,LogRhythm,Logsign,Manag eEngine,McAfee ESM,NetIQ,Netwrix,RSA enVision,RSA Security Analytics,SenSage,SolarWinds,Splunk,SumoLogic 5
  • 6. Incident Response 6 Identify Detect Contain Eradicate Recover
  • 7. Threat Hunting 7 Investigate via Tools and Techniques Uncover New TTPs Automated analytics Create Hypotheses
  • 8. CyberKill - Chain 8 Objectives Command &Control Lateral Movement ExploitationDeliveryWeaponRecon
  • 9. IOC  virus signatures  IP addresses  URLs or domains  hash values  registry keys  filenames,  HTTP user agents Open Source Threat Intel :-  OTX,OpenIOC,STIX,cybox 9
  • 10. IOA ïŹ Series of actions that an adversary must conduct in order to succeed. ïŹ All actions done by the attacker in order to prepare his attacks. ïŹ All the “signs” left by the attacker in earlier stages of the attack. Indicators of Attack
  • 11. IoC vs. IoA  IoC’s are reactive indicators while IoA’s are proactive indicators  IoC’s can be used after a point in time, while IoA’s are used in real time  IoC’s are known, universal bad news, while IoA’s only become bad based on what they mean to you and the situation 11
  • 12. Tactics, Techniques and Procedures (ATT&CK framework) 12
  • 13. 13